[ZDNet] iPhone executes SMS binary code as root - Overclock.net

SonicJoe · 07-03-09

Quote:

A security flaw has been discovered in the iPhone OS that could allow attackers to gain root access to the iPhone OS and allow them to install and execute malicious programs at will.

Charlie Miller announced the discovery of the vulnerability during a presentation at the SyScan conference in Singapore on Thursday. DailyTech explains:

The iPhone apparently automatically executes binary code sent in SMS messages. Messages are limited to 140 bytes, but this is little deterrence as longer programs can be broken up into several messages, which the phone automatically reassembles. While other applications such as the Safari browser on the phone only enjoy access to their sandbox, the SMS system is automatically granted root access, and SMS commands execute as root.

Miller wouldn’t provide specific details nor would he demonstrate the vulnerability stating that he has entered under an agreement with Apple. He’d only say, “SMS is a great vector to attack the iPhone.”

I can't believe no one else posted this...

Source

oregonducks45 · 07-03-09

also of note apple is supposed to be releasing a patch this month that fixes this

Licht · 07-03-09

This is a massive security risk... I wonder if any major exploits will be born in time.

oregonducks45 · 07-03-09

Quote:

Originally Posted by Licht

This is a massive security risk... I wonder if any major exploits will be born in time.

doubtful because my guess is that this has been in since the first iphone os, unless it has to do with mms, so after 2 years it was just discovered i dont think there will be an exploit in under a month

gex80 · 07-03-09

Quote:

Originally Posted by oregonducks45

doubtful because my guess is that this has been in since the first iphone os, unless it has to do with mms, so after 2 years it was just discovered i dont think there will be an exploit in under a month

what makes u think it doesnt have to do with OS 3?

Seems like apple has been falling off the ball with their security and OSes lately.

R@ZOR · 07-03-09

JB through SMS :P Apparently its being fixed in 3.1 which should come out within a month

oregonducks45 · 07-03-09

Quote:

Originally Posted by gex80

what makes u think it doesnt have to do with OS 3?

Seems like apple has been falling off the ball with their security and OSes lately.

well the only thing they changed in regardeds to messaging, i believe, is the addition of mms which could be the cause as i said

SyncMaster753 · 07-03-09

if you get a text from someone you don't know and the preview is all 0/1's don't open it, lol problem solved

SonicJoe · 07-04-09

Quote:

Originally Posted by SyncMaster753

if you get a text from someone you don't know and the preview is all 0/1's don't open it, lol problem solved

You may be right, but the article implies you don't even have to open them, they just need to be received and the phone will execute.

I know its being fixed in a month, but that seems to be a pretty big oversight, and being fixed how? We'll have to keep an eye out. The security issue is actually two problems: 1)the auto-execute of binary code; and 2) SMS running as root. If they only fix one or the other, there still may be other ways to infiltrate.

Brutuz · 07-04-09

Apple: "Our computers are more secure than your PC"
Microsoft: "Our phones don't have gigantic security holes in them

"

		Overclock.net - Overclocking.net > Industry News > Hardware News
[ZDNet] iPhone executes SMS binary code as root

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)